import isctest
from isctest.kasp import private_type_record
from isctest.template import Nameserver, TrustAnchor, Zone
+from isctest.run import EnvCmd
from rollover.common import default_algorithm
-class CmdHelper:
- def __init__(self, env_name: str, base_params: str = ""):
- self.bin_path = os.environ[env_name]
- self.base_params = base_params
-
- def __call__(self, params: str, **kwargs):
- args = f"{self.base_params} {params}".split()
- return isctest.run.cmd([self.bin_path] + args, **kwargs).stdout.decode("utf-8")
-
-
def configure_tld(zonename: str, delegations: List[Zone]) -> Zone:
templates = isctest.template.TemplateEngine(".")
alg = default_algorithm()
- keygen = CmdHelper("KEYGEN", f"-q -a {alg.number} -b {alg.bits} -L 3600")
- signer = CmdHelper("SIGNER", "-S -g")
+ keygen = EnvCmd("KEYGEN", f"-q -a {alg.number} -b {alg.bits} -L 3600")
+ signer = EnvCmd("SIGNER", "-S -g")
isctest.log.info(f"create {zonename} zone with delegations and sign")
# Some delegations are unsigned.
pass
- ksk_name = keygen(f"-f KSK {zonename}", cwd="ns2").strip()
- zsk_name = keygen(f"{zonename}", cwd="ns2").strip()
+ ksk_name = keygen(f"-f KSK {zonename}", cwd="ns2").out.strip()
+ zsk_name = keygen(f"{zonename}", cwd="ns2").out.strip()
ksk = isctest.kasp.Key(ksk_name, keydir="ns2")
zsk = isctest.kasp.Key(zsk_name, keydir="ns2")
dnskeys = [ksk.dnskey, zsk.dnskey]
def configure_root(delegations: List[Zone]) -> TrustAnchor:
templates = isctest.template.TemplateEngine(".")
alg = default_algorithm()
- keygen = CmdHelper("KEYGEN", f"-q -a {alg.number} -b {alg.bits} -L 3600")
- signer = CmdHelper("SIGNER", "-S -g")
+ keygen = EnvCmd("KEYGEN", f"-q -a {alg.number} -b {alg.bits} -L 3600")
+ signer = EnvCmd("SIGNER", "-S -g")
zonename = "."
isctest.log.info("create root zone with delegations and sign")
for zone in delegations:
shutil.copy(f"{zone.ns.name}/dsset-{zone.name}.", "ns1/")
- ksk_name = keygen(f"-f KSK {zonename}", cwd="ns1").strip()
- zsk_name = keygen(f"{zonename}", cwd="ns1").strip()
+ ksk_name = keygen(f"-f KSK {zonename}", cwd="ns1").out.strip()
+ zsk_name = keygen(f"{zonename}", cwd="ns1").out.strip()
ksk = isctest.kasp.Key(ksk_name, keydir="ns1")
zsk = isctest.kasp.Key(zsk_name, keydir="ns1")
dnskeys = [ksk.dnskey, zsk.dnskey]
templates.render(f"ns3/{outfile}", tdata, template=f"ns3/{template}")
if signing:
- signer = CmdHelper("SIGNER", "-S -g -x -s now-1h -e now+2w -O raw")
+ signer = EnvCmd("SIGNER", "-S -g -x -s now-1h -e now+2w -O raw")
signer(
f"{extra_options} -o {zonename} -f {outfile}.signed {outfile}", cwd="ns3"
)
# of a CSK algorithm rollover.
zones = []
zone = f"csk-algorithm-roll.{tld}"
- keygen = CmdHelper("KEYGEN", f"-k {policy}")
- settime = CmdHelper("SETTIME", "-s")
+ keygen = EnvCmd("KEYGEN", f"-k {policy}")
+ settime = EnvCmd("SETTIME", "-s")
# Step 1:
# Introduce the first key. This will immediately be active.
TsbmN = "now-161h"
csktimes = f"-P {TactN} -A {TactN}"
# Key generation.
- csk_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").strip()
+ csk_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {csk_name}",
cwd="ns3",
csktimes = f"-P {TactN} -A {TactN} -P sync {TsbmN} -I now"
newtimes = f"-P {TpubN1} -A {TpubN1}"
# Key generation.
- csk1_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"-l csk2.conf {newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"-l csk2.conf {newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {csk1_name}",
cwd="ns3",
csktimes = f"-P {TactN} -A {TactN} -P sync {TsbmN} -I {TsbmN1}"
newtimes = f"-P {TpubN1} -A {TpubN1} -P sync {TsbmN1}"
# Key generation.
- csk1_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"-l csk2.conf {newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"-l csk2.conf {newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {csk1_name}",
cwd="ns3",
csktimes = f"-P {TactN} -A {TactN} -P sync {TsbmN} -I {TsbmN1}"
newtimes = f"-P {TpubN1} -A {TpubN1} -P sync {TsbmN1}"
# Key generation.
- csk1_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"-l csk2.conf {newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"-l csk2.conf {newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z OMNIPRESENT {TsbmN1} -d UNRETENTIVE {TsbmN1} -D ds {TsbmN1} {csk1_name}",
cwd="ns3",
csktimes = f"-P {TactN} -A {TactN} -P sync {TsbmN} -I {TsbmN1}"
newtimes = f"-P {TpubN1} -A {TpubN1} -P sync {TsbmN1}"
# Key generation.
- csk1_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"-l csk2.conf {newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"-l csk2.conf {newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k UNRETENTIVE {TactN} -r UNRETENTIVE {TactN} -z UNRETENTIVE {TsbmN1} -d HIDDEN {TsbmN1} {csk1_name}",
cwd="ns3",
csktimes = f"-P {TactN} -A {TactN} -P sync {TsbmN} -I {TsbmN1}"
newtimes = f"-P {TpubN1} -A {TpubN1} -P sync {TsbmN1}"
# Key generation.
- csk1_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"-l csk2.conf {newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"-l csk1.conf {csktimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"-l csk2.conf {newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k HIDDEN {TactN} -r UNRETENTIVE {TactN} -z UNRETENTIVE {TactN} -d HIDDEN {TsbmN1} {csk1_name}",
cwd="ns3",
# algorithm rollover.
zones = []
zone = f"algorithm-roll.{tld}"
- keygen = CmdHelper("KEYGEN", "-L 3600")
- settime = CmdHelper("SETTIME", "-s")
+ keygen = EnvCmd("KEYGEN", "-L 3600")
+ settime = EnvCmd("SETTIME", "-s")
# Step 1:
# Introduce the first key. This will immediately be active.
TsbmN = "now-161h"
keytimes = f"-P {TactN} -A {TactN}"
# Key generation.
- ksk_name = keygen(f"-a RSASHA256 -f KSK {keytimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"-a RSASHA256 {keytimes} {zonename}", cwd="ns3").strip()
+ ksk_name = keygen(
+ f"-a RSASHA256 -f KSK {keytimes} {zonename}", cwd="ns3"
+ ).out.strip()
+ zsk_name = keygen(f"-a RSASHA256 {keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk_name}",
cwd="ns3",
# Key generation.
ksk1_name = keygen(
f"-a RSASHA256 -f KSK {ksk1times} {zonename}", cwd="ns3"
- ).strip()
- zsk1_name = keygen(f"-a RSASHA256 {zsk1times} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk1_name = keygen(
+ f"-a RSASHA256 {zsk1times} {zonename}", cwd="ns3"
+ ).out.strip()
ksk2_name = keygen(
f"-a ECDSA256 -f KSK {ksk2times} {zonename}", cwd="ns3"
- ).strip()
- zsk2_name = keygen(f"-a ECDSA256 {zsk2times} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk2_name = keygen(f"-a ECDSA256 {zsk2times} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk1_name}",
cwd="ns3",
# Key generation.
ksk1_name = keygen(
f"-a RSASHA256 -f KSK {ksk1times} {zonename}", cwd="ns3"
- ).strip()
- zsk1_name = keygen(f"-a RSASHA256 {zsk1times} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk1_name = keygen(
+ f"-a RSASHA256 {zsk1times} {zonename}", cwd="ns3"
+ ).out.strip()
ksk2_name = keygen(
f"-a ECDSA256 -f KSK {ksk2times} {zonename}", cwd="ns3"
- ).strip()
- zsk2_name = keygen(f"-a ECDSA256 {zsk2times} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk2_name = keygen(f"-a ECDSA256 {zsk2times} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk1_name}",
cwd="ns3",
# Key generation.
ksk1_name = keygen(
f"-a RSASHA256 -f KSK {ksk1times} {zonename}", cwd="ns3"
- ).strip()
- zsk1_name = keygen(f"-a RSASHA256 {zsk1times} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk1_name = keygen(
+ f"-a RSASHA256 {zsk1times} {zonename}", cwd="ns3"
+ ).out.strip()
ksk2_name = keygen(
f"-a ECDSA256 -f KSK {ksk2times} {zonename}", cwd="ns3"
- ).strip()
- zsk2_name = keygen(f"-a ECDSA256 {zsk2times} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk2_name = keygen(f"-a ECDSA256 {zsk2times} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d UNRETENTIVE {TsbmN1} -D ds {TsbmN1} {ksk1_name}",
cwd="ns3",
# Key generation.
ksk1_name = keygen(
f"-a RSASHA256 -f KSK {ksk1times} {zonename}", cwd="ns3"
- ).strip()
- zsk1_name = keygen(f"-a RSASHA256 {zsk1times} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk1_name = keygen(
+ f"-a RSASHA256 {zsk1times} {zonename}", cwd="ns3"
+ ).out.strip()
ksk2_name = keygen(
f"-a ECDSA256 -f KSK {ksk2times} {zonename}", cwd="ns3"
- ).strip()
- zsk2_name = keygen(f"-a ECDSA256 {zsk2times} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk2_name = keygen(f"-a ECDSA256 {zsk2times} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k UNRETENTIVE {TsbmN1} -r UNRETENTIVE {TsbmN1} -d HIDDEN {TsbmN1} {ksk1_name}",
cwd="ns3",
zsk2times = f"-P {TpubN1} -A {TpubN1}"
ksk1_name = keygen(
f"-a RSASHA256 -f KSK {ksk1times} {zonename}", cwd="ns3"
- ).strip()
- zsk1_name = keygen(f"-a RSASHA256 {zsk1times} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk1_name = keygen(
+ f"-a RSASHA256 {zsk1times} {zonename}", cwd="ns3"
+ ).out.strip()
ksk2_name = keygen(
f"-a ECDSA256 -f KSK {ksk2times} {zonename}", cwd="ns3"
- ).strip()
- zsk2_name = keygen(f"-a ECDSA256 {zsk2times} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk2_name = keygen(f"-a ECDSA256 {zsk2times} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k HIDDEN {TsbmN1} -r UNRETENTIVE {TsbmN1} -d HIDDEN {TsbmN1} {ksk1_name}",
cwd="ns3",
zones = []
zone = f"csk-roll1.{tld}"
cds = "cdnskey,cds:sha384"
- keygen = CmdHelper("KEYGEN", f"-k {policy} -l kasp.conf")
- settime = CmdHelper("SETTIME", "-s")
+ keygen = EnvCmd("KEYGEN", f"-k {policy} -l kasp.conf")
+ settime = EnvCmd("SETTIME", "-s")
# Step 1:
# Introduce the first key. This will immediately be active.
TactN = "now-7d"
keytimes = f"-P {TactN} -A {TactN}"
# Key generation.
- csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {csk_name}",
cwd="ns3",
TactN = "now-4461h"
keytimes = f"-P {TactN} -A {TactN}"
# Key generation.
- csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {csk_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {csk1_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z UNRETENTIVE {TactN1} -d UNRETENTIVE {TactN1} -D ds {TactN1} {csk1_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r UNRETENTIVE now-2h -z UNRETENTIVE {TactN1} -d HIDDEN now-2h {csk1_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r HIDDEN {TremN} -z UNRETENTIVE {TactN1} -d HIDDEN {TremN} {csk1_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k UNRETENTIVE {TremN} -r HIDDEN {TremN} -z HIDDEN {TactN1} -d HIDDEN {TremN} {csk1_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k HIDDEN {TremN} -r HIDDEN {TremN} -z HIDDEN {TactN1} -d HIDDEN {TremN} {csk1_name}",
cwd="ns3",
zones = []
zone = f"csk-roll2.{tld}"
cds = "cdnskey,cds:sha-256,cds:sha-384"
- keygen = CmdHelper("KEYGEN", f"-k {policy} -l kasp.conf")
- settime = CmdHelper("SETTIME", "-s")
+ keygen = EnvCmd("KEYGEN", f"-k {policy} -l kasp.conf")
+ settime = EnvCmd("SETTIME", "-s")
# Step 1:
# Introduce the first key. This will immediately be active.
TactN = "now-7d"
keytimes = f"-P {TactN} -A {TactN}"
# Key generation.
- csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {csk_name}",
cwd="ns3",
TactN = "now-4461h"
keytimes = f"-P {TactN} -A {TactN}"
# Key generation.
- csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {csk_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {csk1_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z UNRETENTIVE {TretN} -d UNRETENTIVE {TretN} -D ds {TretN} {csk1_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -z HIDDEN now-133h -d UNRETENTIVE {TactN1} -D ds {TactN1} {csk1_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k UNRETENTIVE {TremN} -r UNRETENTIVE {TremN} -z HIDDEN now-135h -d HIDDEN {TremN} {csk1_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k UNRETENTIVE {TremN} -r HIDDEN {TremN} -z HIDDEN {TactN1} -d HIDDEN {TremN} {csk1_name}",
cwd="ns3",
)
newtimes = f"-P {TpubN1} -P sync {TactN1} -A {TactN1} -I {TretN1} -D {TremN1}"
# Key generation.
- csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
- csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ csk1_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
+ csk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k UNRETENTIVE {TremN} -r UNRETENTIVE {TremN} -z HIDDEN now-2295h -d HIDDEN {TremN} {csk1_name}",
cwd="ns3",
# initial signing of a zone.
zones = []
zone = f"enable-dnssec.{tld}"
- keygen = CmdHelper("KEYGEN", f"-k {policy} -l kasp.conf")
- settime = CmdHelper("SETTIME", "-s")
+ keygen = EnvCmd("KEYGEN", f"-k {policy} -l kasp.conf")
+ settime = EnvCmd("SETTIME", "-s")
# Step 1:
# This is an unsigned zone and named should perform the initial steps of
TpubN = "now-900s"
keytimes = f"-P {TpubN} -A {TpubN}"
# Key generation.
- csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k RUMOURED {TpubN} -r RUMOURED {TpubN} -z RUMOURED {TpubN} -d HIDDEN {TpubN} {csk_name}",
cwd="ns3",
TpubN = "now-43500s"
keytimes = f"-P {TpubN} -A {TpubN}"
# Key generation.
- csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -z RUMOURED {TpubN} -d HIDDEN {TpubN} {csk_name}",
cwd="ns3",
TsbmN = "now-10800s"
keytimes = f"-P {TpubN} -A {TpubN} -P sync {TsbmN}"
# Key generation.
- csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ csk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -z OMNIPRESENT {TsbmN} -d RUMOURED {TpubN} -P ds {TsbmN} {csk_name}",
cwd="ns3",
def configure_going_insecure(tld: str, reconfig: bool = False) -> List[Zone]:
zones = []
- keygen = CmdHelper("KEYGEN", "-a ECDSA256 -L 7200")
- settime = CmdHelper("SETTIME", "-s")
+ keygen = EnvCmd("KEYGEN", "-a ECDSA256 -L 7200")
+ settime = EnvCmd("SETTIME", "-s")
# The child zones (step1, step2) beneath these zones represent the various
# steps of unsigning a zone.
keytimes = f"-P {TpubN} -A {TpubN}"
cdstimes = f"-P sync {TsbmN}"
# Key generation.
- ksk_name = keygen(f"-f KSK {keytimes} {cdstimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ ksk_name = keygen(
+ f"-f KSK {keytimes} {cdstimes} {zonename}", cwd="ns3"
+ ).out.strip()
+ zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -d OMNIPRESENT {TpubN} {ksk_name}",
cwd="ns3",
# Key generation.
ksk_name = keygen(
f"-f KSK {keytimes} {cdstimes} {zonename}", cwd="ns3"
- ).strip()
- zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ ).out.strip()
+ zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -d UNRETENTIVE {TremN} -D ds {TremN} {ksk_name}",
cwd="ns3",
def configure_straight2none(tld: str) -> List[Zone]:
# These zones are going straight to "none" policy. This is undefined behavior.
zones = []
- keygen = CmdHelper("KEYGEN", "-k default")
- settime = CmdHelper("SETTIME", "-s")
+ keygen = EnvCmd("KEYGEN", "-k default")
+ settime = EnvCmd("SETTIME", "-s")
TpubN = "now-10d"
TsbmN = "now-12955mi"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
isctest.log.info(f"setup {zonename}")
# Key generation.
- csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
+ csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -z OMNIPRESENT {TpubN} -d OMNIPRESENT {TpubN} {csk_name}",
cwd="ns3",
)
isctest.log.info(f"setup {zonename}")
# Key generation.
- csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
+ csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -z OMNIPRESENT {TpubN} -d OMNIPRESENT {TpubN} {csk_name}",
cwd="ns3",
zones = []
zone = f"ksk-doubleksk.{tld}"
cds = "cds:sha-256"
- keygen = CmdHelper("KEYGEN", "-a ECDSAP256SHA256 -L 7200")
- settime = CmdHelper("SETTIME", "-s")
+ keygen = EnvCmd("KEYGEN", "-a ECDSAP256SHA256 -L 7200")
+ settime = EnvCmd("SETTIME", "-s")
# Step 1:
# Introduce the first key. This will immediately be active.
TactN = "now-7d"
keytimes = f"-P {TactN} -A {TactN}"
# Key generation.
- ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
+ zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk_name}",
cwd="ns3",
TactN = "now-1413h"
keytimes = f"-P {TactN} -A {TactN}"
# Key generation.
- ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
+ zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk_name}",
cwd="ns3",
newtimes = f"-P {TpubN1} -A {TactN1} -P sync {TactN1} -I {TretN1} -D {TremN1}"
zsktimes = f"-P {TpubN} -A {TpubN}"
# Key generation.
- ksk1_name = keygen(f"-f KSK {ksktimes} {zonename}", cwd="ns3").strip()
- ksk2_name = keygen(f"-f KSK {newtimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"{zsktimes} {zonename}", cwd="ns3").strip()
+ ksk1_name = keygen(f"-f KSK {ksktimes} {zonename}", cwd="ns3").out.strip()
+ ksk2_name = keygen(f"-f KSK {newtimes} {zonename}", cwd="ns3").out.strip()
+ zsk_name = keygen(f"{zsktimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk1_name}",
cwd="ns3",
newtimes = f"-P {TpubN1} -A {TactN1} -P sync {TactN1} -I {TretN1} -D {TremN1}"
zsktimes = f"-P {TpubN} -A {TpubN}"
# Key generation.
- ksk1_name = keygen(f"-f KSK {ksktimes} {zonename}", cwd="ns3").strip()
- ksk2_name = keygen(f"-f KSK {newtimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"{zsktimes} {zonename}", cwd="ns3").strip()
+ ksk1_name = keygen(f"-f KSK {ksktimes} {zonename}", cwd="ns3").out.strip()
+ ksk2_name = keygen(f"-f KSK {newtimes} {zonename}", cwd="ns3").out.strip()
+ zsk_name = keygen(f"{zsktimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d UNRETENTIVE {TretN} -D ds {TretN} {ksk1_name}",
cwd="ns3",
newtimes = f"-P {TpubN1} -A {TactN1} -P sync {TactN1} -I {TretN1} -D {TremN1}"
zsktimes = f"-P {TpubN} -A {TpubN}"
# Key generation.
- ksk1_name = keygen(f"-f KSK {ksktimes} {zonename}", cwd="ns3").strip()
- ksk2_name = keygen(f"-f KSK {newtimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"{zsktimes} {zonename}", cwd="ns3").strip()
+ ksk1_name = keygen(f"-f KSK {ksktimes} {zonename}", cwd="ns3").out.strip()
+ ksk2_name = keygen(f"-f KSK {newtimes} {zonename}", cwd="ns3").out.strip()
+ zsk_name = keygen(f"{zsktimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k UNRETENTIVE {TretN} -r UNRETENTIVE {TretN} -d HIDDEN {TretN} {ksk1_name}",
cwd="ns3",
newtimes = f"-P {TpubN1} -A {TactN1} -P sync {TactN1} -I {TretN1} -D {TremN1}"
zsktimes = f"-P {TpubN} -A {TpubN}"
# Key generation.
- ksk1_name = keygen(f"-f KSK {ksktimes} {zonename}", cwd="ns3").strip()
- ksk2_name = keygen(f"-f KSK {newtimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"{zsktimes} {zonename}", cwd="ns3").strip()
+ ksk1_name = keygen(f"-f KSK {ksktimes} {zonename}", cwd="ns3").out.strip()
+ ksk2_name = keygen(f"-f KSK {newtimes} {zonename}", cwd="ns3").out.strip()
+ zsk_name = keygen(f"{zsktimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k HIDDEN {TretN} -r HIDDEN {TretN} -d HIDDEN {TretN} {ksk1_name}",
cwd="ns3",
#
zones = []
cds = "cds:sha-256"
- keygen = CmdHelper("KEYGEN", "-a ECDSAP256SHA256 -L 7200")
- settime = CmdHelper("SETTIME", "-s")
+ keygen = EnvCmd("KEYGEN", "-a ECDSAP256SHA256 -L 7200")
+ settime = EnvCmd("SETTIME", "-s")
# Set up a zone that has a KSK (KEY1) and have the successor key (KEY2)
# published as well.
newtimes = f"-P {TpubN1} -A {TactN1} -P sync {TactN1} -I {TretN1} -D {TremN1}"
zsktimes = f"-P {TpubN} -A {TpubN}"
# Key generation.
- ksk1_name = keygen(f"-f KSK {ksktimes} {zonename}", cwd="ns3").strip()
- ksk2_name = keygen(f"-f KSK {newtimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"{zsktimes} {zonename}", cwd="ns3").strip()
+ ksk1_name = keygen(f"-f KSK {ksktimes} {zonename}", cwd="ns3").out.strip()
+ ksk2_name = keygen(f"-f KSK {newtimes} {zonename}", cwd="ns3").out.strip()
+ zsk_name = keygen(f"{zsktimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g HIDDEN -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk1_name}",
cwd="ns3",
# Pre-Publication rollover.
zones = []
zone = f"zsk-prepub.{tld}"
- keygen = CmdHelper("KEYGEN", "-a ECDSAP256SHA256 -L 3600")
- settime = CmdHelper("SETTIME", "-s")
+ keygen = EnvCmd("KEYGEN", "-a ECDSAP256SHA256 -L 3600")
+ settime = EnvCmd("SETTIME", "-s")
# Step 1:
# Introduce the first key. This will immediately be active.
TactN = "now-7d"
keytimes = f"-P {TactN} -A {TactN}"
# Key generation.
- ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
+ zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk_name}",
cwd="ns3",
TactN = "now-694h"
keytimes = f"-P {TactN} -A {TactN}"
# Key generation.
- ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
- zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").strip()
+ ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
+ zsk_name = keygen(f"{keytimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk_name}",
cwd="ns3",
oldtimes = f"-P {TactN} -A {TactN} -I {TactN1} -D {TremN}"
newtimes = f"-P {TpubN1} -A {TactN1}"
# Key generation.
- ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
- zsk1_name = keygen(f"{oldtimes} {zonename}", cwd="ns3").strip()
- zsk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
+ zsk1_name = keygen(f"{oldtimes} {zonename}", cwd="ns3").out.strip()
+ zsk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk_name}",
cwd="ns3",
oldtimes = f"-P {TactN} -A {TactN} -I {TactN1} -D {TremN}"
newtimes = f"-P {TpubN1} -A {TactN1}"
# Key generation.
- ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
- zsk1_name = keygen(f"{oldtimes} {zonename}", cwd="ns3").strip()
- zsk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
+ zsk1_name = keygen(f"{oldtimes} {zonename}", cwd="ns3").out.strip()
+ zsk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk_name}",
cwd="ns3",
oldtimes = f"-P {TactN} -A {TactN} -I {TactN1} -D {TremN}"
newtimes = f"-P {TpubN1} -A {TactN1}"
# Key generation.
- ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
- zsk1_name = keygen(f"{oldtimes} {zonename}", cwd="ns3").strip()
- zsk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
+ zsk1_name = keygen(f"{oldtimes} {zonename}", cwd="ns3").out.strip()
+ zsk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk_name}",
cwd="ns3",
oldtimes = f"-P {TactN} -A {TactN} -I {TactN1} -D {TremN}"
newtimes = f"-P {TpubN1} -A {TactN1}"
# Key generation.
- ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
- zsk1_name = keygen(f"{oldtimes} {zonename}", cwd="ns3").strip()
- zsk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").strip()
+ ksk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").out.strip()
+ zsk1_name = keygen(f"{oldtimes} {zonename}", cwd="ns3").out.strip()
+ zsk2_name = keygen(f"{newtimes} {zonename}", cwd="ns3").out.strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TactN} -r OMNIPRESENT {TactN} -d OMNIPRESENT {TactN} {ksk_name}",
cwd="ns3",
projects / thirdparty / bind9.git / commitdiff
